Andy LoPresto created NIFI-5458:
-----------------------------------
Summary: NiFi security configuration requires substantial
knowledge and effort to deploy
Key: NIFI-5458
URL: https://issues.apache.org/jira/browse/NIFI-5458
Project: Apache NiFi
Issue Type: Epic
Components: Security, Configuration, Configuration Management, Core
Framework, Docker
Affects Versions: 1.7.1
Reporter: Andy LoPresto
Assignee: Andy LoPresto
To securely deploy Apache NiFi requires substantial background knowledge,
applied familiarity with a disparate set of tools and operating systems, and
disjoint manual effort. The NiFi TLS Toolkit and Encrypt Config Toolkits aim to
help, but the former is designed for development/sandbox environments, not
integration with enterprise certificate authorities (CA). In addition, NiFi
requires tightly coupled security configuration when deploying in a cluster
environment, and dynamic horizontal scaling is difficult.
This epic will serve as an aggregator for all individual tickets related to an
ongoing, holistic effort to streamline, automate, and lower the barrier to
entry to configuring a secure NiFi deployment.
* Generating or acquiring signed certificates and converting them to the proper
format (JKS, PEM, P12, etc.)
* Integrating with external certificate providers
* Securing the sensitive configuration values
* Automating deployment of configuration values
* Encapsulating/delegating security configuration for containerization efforts
* Automating deployment of TLS cipher suites and protocol versions
* Automating mitigation of TLS vulnerabilities
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
